bumblebee | 064d21a62fc8718a707c3cf6ca91fddeb2fd407dfee47a923638a91a57b338a4

Sharing

Copy URL

Twitter E-mail

General

Target

064d21a62fc8718a707c3cf6ca91fddeb2fd407dfee47a923638a91a57b338a4
Size

767KB
MD5

74c7cc8ed87bb566e53c80bcd558cf8f
SHA1

97043ccf75819a162bfa43476ebb30098bf5c435
SHA256

064d21a62fc8718a707c3cf6ca91fddeb2fd407dfee47a923638a91a57b338a4
SHA512

57b73913de94f81363db58c55affbd032c848615b264e37e452d1632c8f4581d9afde9b0709127319d9b7b657449ef197bf541bef3c1c0381757a3845b0ec286
SSDEEP

12288:iBRrjegjBhWfxe4mN/MG0tgbn3ZM03nQZTdnnRof25vTO9TGasqeeZUx:iBRr6gjBoVmNE8b60AZTdnnR+eL

Score

10^/10

1705r bumblebee

Malware Config

Extracted

Family

bumblebee

Botnet

1705r

176.107.177.124:443

192.236.160.254:443

192.236.192.85:443

rc4.plain

Signatures

Bumblebee family
bumblebee

Files

064d21a62fc8718a707c3cf6ca91fddeb2fd407dfee47a923638a91a57b338a4
.dll windows x64

981d321b3623c0f49357437c6a744cc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertCreateCertificateChainEngine

secur32

InitSecurityInterfaceA

kernel32

SetEvent
TerminateThread
GetCurrentProcessId
CreateEventA
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateEventW
FormatMessageW
TlsAlloc
QueueUserAPC
CreateWaitableTimerA
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
TlsGetValue
TlsFree
FormatMessageA
CreateIoCompletionPort
ReadFile
SetHandleInformation
WriteFile
TerminateProcess
CreatePipe
CreateProcessA
FileTimeToSystemTime
LoadLibraryW
GetLocalTime
GetProcAddress
SystemTimeToFileTime
GetModuleHandleW
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
OpenProcess
LoadLibraryA
VirtualProtectEx
OpenThread
MultiByteToWideChar
GetModuleFileNameW
SetFilePointer
lstrlenA
CreateFileW
lstrcmpA
VirtualAlloc
HeapFree
CreateFileA
HeapReAlloc
HeapAlloc
GetFileSize
GetLastError
VirtualQuery
lstrcpyA
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsW
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
VerifyVersionInfoW
GetFileAttributesW
Process32NextW
Process32FirstW
GetStdHandle
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
SetFilePointerEx
HeapSize
GetConsoleMode
Sleep
lstrcatA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
GetConsoleCP
FlushFileBuffers
SetStdHandle
ResetEvent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
GetProcessHeap
FindFirstFileExA
FindClose
GetOEMCP
IsValidCodePage
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
GetACP
WriteConsoleW
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
RtlUnwindEx
InterlockedFlushSList
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind

user32

FindWindowW
wsprintfW

advapi32

LookupPrivilegeValueA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SysAllocString
VariantClear
VariantInit

mpr

WNetGetProviderNameW

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
select
WSASend
WSASocketW
WSAGetLastError
setsockopt
getaddrinfo
ioctlsocket
freeaddrinfo
getsockopt
WSARecv
WSACleanup
connect
closesocket
WSAStartup

shlwapi

PathCombineW
StrCmpIW
StrChrA
StrStrIW
StrToIntA

Exports

Exports

nxhUOYzfac
SetPath

Sections

.text
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

981d321b3623c0f49357437c6a744cc2

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

secur32

kernel32

user32

advapi32

shell32

ole32

oleaut32

mpr

iphlpapi

ws2_32

shlwapi

Exports

Exports

Sections

.text Size: 437KB - Virtual size: 437KB

.rdata Size: 216KB - Virtual size: 216KB

.data Size: 71KB - Virtual size: 93KB

.pdata Size: 26KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 504B

.tls Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 437KB - Virtual size: 437KB

.rdata
Size: 216KB - Virtual size: 216KB

.data
Size: 71KB - Virtual size: 93KB

.pdata
Size: 26KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 504B

.tls
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB